Multi-domain AD and Users Who Aren't So Bright

Matthew Newton mcn4 at leicester.ac.uk
Thu Feb 2 21:59:44 CET 2012


On Thu, Feb 02, 2012 at 06:33:19PM +0100, NdK wrote:
> I'm trying (with no luck :( ) to use
> /usr/bin/net ads search -P "(mail=%{User-Name})" sAMAccountName|grep
> sAMAccountName|sed "s/^[^ ]* //"
> (maybe it's possible to do the same without using grep and sed, but it's
> been just a quick test -- suggestions welcome).

Have you tried ldapsearch? Might be more flexible.

> A limit of net ads search is that it searches only the default (joined)
> domain, unless you specify another domain controller with -S or -I -- I
> could easily do that based on the mail domain but in other setups it
> could be harder.

I'm rather guessing here, but I wonder if LDAP searching the AD
global catalogue (ports 3268/3269) would make this work with one
search?

But that's not really a FreeRADIUS issue. You'd probably be better
finding a Samba or AD list.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
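
Added example (not part of the original message and not from either poster): the global catalogue lookup suggested above, done with ldapsearch, with the client-supplied User-Name escaped per RFC 4515 before it is placed in the filter. GC_HOST, BIND_DN and BIND_PW_FILE are placeholders, the function names are hypothetical, and the empty search base assumes the catalogue answers for the whole forest.

```shell
#!/bin/sh
# Added example. Host, bind DN and password file below are placeholders.
GC_HOST=${GC_HOST:-gc.example.org}
BIND_DN=${BIND_DN:-CN=lookup,CN=Users,DC=example,DC=org}
BIND_PW_FILE=${BIND_PW_FILE:-/path/to/bind-password}

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first so the escapes added afterwards are not
# escaped a second time. NUL cannot occur in a shell string.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the same filter as in the thread, (mail=<value>), from untrusted input.
mail_filter() {
    printf '(mail=%s)' "$(ldap_escape "$1")"
}

# Print the sAMAccountName values found in LDIF on stdin.
# This replaces the grep | sed pair; base64 values ("attr:: ...") are skipped.
ldif_sam() {
    awk '/^sAMAccountName: / { sub(/^sAMAccountName: /, ""); print }'
}

# Query the global catalogue over LDAPS (port 3269) and print the account
# name. Returns non-zero unless exactly one entry matches, so an ambiguous
# or missing address is never mapped to an account.
gc_lookup() {
    gc_out=$(ldapsearch -LLL -x -H "ldaps://$GC_HOST:3269" -b "" \
                 -D "$BIND_DN" -y "$BIND_PW_FILE" \
                 "$(mail_filter "$1")" sAMAccountName | ldif_sam)
    [ "$(printf '%s\n' "$gc_out" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$gc_out"
}
```

Call it as `gc_lookup "$address"`; the password file passed with -y should hold the bind password without a trailing newline.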